- 4 Barriers to Effectively Overseeing Third-Party Vendor Security | September 17, 2015
Corporate cybersecurity risk is drawing federal attention: According to the Wall Street Journal, the US Securities and Exchange Commission now mandates that companies report "cybersecurity risks that could affect the business or its registrants materially" on their 10-K statements. The SEC wants businesses to err on the side of full disclosure, but for many organizations, even…
- Shadow IT: The Costs of Coloring Outside the Lines | September 16, 2015
The cloud. Mobile devices. High-availability networks. These and other technological advances have empowered users to work with greater efficiency and with lower spend, but they come with an unintended side effect: the consumerization of IT. Where employees once leaned on IT admins to troubleshoot any problems or install new software, they're now able to perform the same tasks via easy-to-use…
- Supply-Chain Risk Management: 4 Tips to Tackle the Elephant in the Room | August 31, 2015 | Managing AppSec
Most companies don't want to talk about their supply chains and risk management in the same sentence, let alone bring this topic to the boardroom. Why? Because, as a recent Harvard Business Review (HBR) article points out, "suppliers tend to be optimistic about the information they provide," while companies looking to bolster their bottom lines without breaking the budget are often…
Data breaches are on the rise. According to a recent Forbes article, more than 675 million records were compromised last year. What's more, these breaches weren't limited to a single sector: retail, financial and even post-secondary institutions were all victimized. That means IT security must evolve, and that evolution starts with the Chief Information Security Officer (CISO). In a new…
- Gartner Report Details the Value of Security Programs and Creating an Executive Link | July 29, 2015 | Managing AppSec
Cybersecurity is now a top priority for board members. According to Help Net Security's report on a recent NYSE Governance Services/Veracode survey, over 80 percent of respondents said security was discussed at "most or all" boardroom meetings. But there's a disconnect: Sixty-six percent of those surveyed said they were "not fully confident their companies are properly…
Discovering vulnerabilities is an essential part of effective security testing; companies pay good money for services to accomplish this goal with rigor and precision. Many enterprises now offer "bug bounties" to encourage white-hat hackers to deliberately penetrate systems and then report the results. One such independent security researcher is Chris Roberts, a cybersecurity consultant…
- DevOps: The Rise of Subtle Security | July 8, 2015
What's in a name? If you're talking about the emerging idea of DevOps, then there's an easy answer: everything. As noted by Forbes, there's no single definition of the term; however, according to Adam Jacob, CTO of Chef Software, "DevOps is the experience of people who are using it to transform their businesses." In other words, the name means different things to…
- Threat Profile: Cross-Site Request Forgery | June 30, 2015
What is Cross-Site Request Forgery (CSRF)? More importantly, how can your business take action against it? Here's everything you need to know about this threat, its potential impact and your best defense. Cross-Site Basics: CSRF attacks are listed among the OWASP Top 10, but they are often overlooked in favor of Cross-Site Scripting (XSS) vulnerabilities, advanced malware or inherent software…
- Is Executive Communication the New CISO Challenge? | June 29, 2015
CISOs play a critical role in keeping a company's most critical asset — data — safe from both internal and external threats. But they're now tasked with the job of mastering executive communication, so they can both engage other C-suite members and give them a practical understanding of cybersecurity risk. As noted by CIO, "tension" between the CISO and other members of…
Third-party software can be problematic. Just ask American Airlines, which recently experienced an issue with its iPad-based electronic flight bags. A misconfiguration in third-party mapping software caused the devices to crash when pilots tried to access a specific map, in turn delaying flights and frustrating crew members. Thankfully, the issue wasn't malicious, but it does highlight the…